Abstract

Supervisory control of discrete-event systems with a global safety
specification and with only local supervisors is a difficult problem. For global
specifications the equivalent conditions for local control synthesis to equal
global control synthesis may not be met. This paper formulates and solves
a control synthesis problem for a generator with a global specification and
with a combination of a coordinator and local controllers. Conditional
controllability is proven to be an equivalent condition for the existence of
such a coordinated controller. A procedure to compute the least restrictive
solution is also provided in this paper and conditions are stated under
which the result of our procedure coincides with the supremal controllable
sublanguage.

1 Introduction

This paper investigates the supervisory control synthesis of modular
discrete-event systems with a coordinator. Discrete-event systems (DES)
represented as finite-state machines have been studied by P. J. Ramadge and
W. M. Wonham in [8]. Large discrete-event systems are typically formed as a
synchronous composition of a large number of local components (subsystems) that
are themselves modeled by finite-state machines and run in parallel. Systems
formed in this way are often called modular discrete-event systems.

The aim of supervisory control is to ensure that the control objectives of
safety and of liveness are satisfied by the closed-loop system. Specifically, the
safety property means that the behavior (language) of the system must be
included in a specified language, called a specification, and the liveness
property means that the system cannot get to deadlock or livelock. Since only
so-called controllable specification languages can be achieved, one of the key
issues in supervisory control synthesis is the computation of the supremal
controllable sublanguage of the given specification, from which the supervisor
can then be constructed.

From an application viewpoint, global (indecomposable) specifications are 
much more interesting than local specifications. Sometimes, local subsystems 
are independent (in the sense that their event sets are disjoint), and they are only 
coupled implicitly via a global specification. In the case of global specifications, 
it is often impossible to synthesize the supervisors locally, i.e., within a fully 
decentralized control architecture. In some cases it is possible to exploit the 
modular structure of the plant and to avoid the manipulation with the global 
plant. However, structural conditions on local plant languages proposed in [4] 
and further weakened in [6] under which this is possible are still very restrictive. 

In this paper, another approach to deal with global specifications is intro- 
duced. It relies on the coordination control scheme proposed first in [5], where 
a coordinator is applied for the control of modular discrete-event systems. The 
coordinator receives a part of the observations (events) from local subsystems 
and its task is to satisfy the global part of the specification and the nonblocking- 
ness. Hence, the coordinator can be seen as a two-way communication channel, 
where some events belonging to the coordinator event set are exchanged (com- 
municated) between both subsystems. 

Thus, coordination control may be seen as a reasonable trade-off between a 
purely decentralized control synthesis, which is in some cases unrealistic, and 
a global control synthesis, which is naturally prohibitive for space complex- 
ity reasons. Moreover, the conditions obtained from the coordination control 
framework are based on the specification itself rather than on local plants. 

In this paper, we are only concerned with the safety issue. First, we propose 
a necessary and sufficient condition on a specification language to be exactly 
achieved in the coordination control architecture that consists of a coordinator, 
its supervisor, and local supervisors for the subsystems. We call this condition 
conditional controllability, and it refines the condition that was only a sufficient 
one and has been presented in [5]. It is shown that the supremal conditionally
controllable sublanguage of a given specification language always exists. In ad- 
dition to the above mentioned existential result, a procedure for computation of 
the supremal conditionally controllable sublanguage is proposed. Finally, in the 
setting of this computation procedure the supremal conditionally controllable 
sublanguage is shown to be included in the supremal controllable sublanguage 
and additional conditions are found under which both concepts coincide. 

The organization of this paper is as described below. In the next section, 
decentralized supervisory control of modular discrete-event systems is recalled 
and the coordination control approach is motivated. In Sections 2 and 3 we
briefly recall the coordination control framework and concepts. In Section 4 our
first result is presented: the equivalence condition on a specification language
to be exactly achieved in the coordination control architecture. In addition, we
show that the supremal conditionally controllable sublanguage always exists.
Then, in Section 5 a procedure for its computation is proposed. Finally, in
Section 6 some concluding remarks are summarized including a discussion on
future extensions of this work.



2 Decentralized and coordination control 
of modular discrete-event systems 

In this section, the elements of supervisory control theory needed in the rest of
this paper are recalled. For more details, the reader is referred to lecture notes
[10] or the book [2]. Discrete-event systems (DES) are modeled as deterministic
generators that are finite-state machines with partial transition functions. A
(deterministic) generator $G$ is a quintuple

$$G = (Q, E, f, q_0, Q_m),$$

where $Q$ is a finite set of states, $E$ is the finite set of events,
$f : Q \times E \to Q$ is the partial transition function, $q_0 \in Q$ is the
initial state, and $Q_m \subseteq Q$ is the set of marked states. Recall that $f$
can be extended by induction to $f : Q \times E^* \to Q$ in the usual way. The
behaviors of DES generators are defined in terms of languages. The language of
$G$ is defined as $L(G) = \{s \in E^* \mid f(q_0, s) \in Q\}$, and the marked
language of $G$ is defined as $L_m(G) = \{s \in E^* \mid f(q_0, s) \in Q_m\}$.

The natural projection $P : E^* \to E_0^*$, for some $E_0 \subseteq E$, is a
mapping (morphism) which erases all symbols from $E \setminus E_0$ and keeps all
the other symbols unchanged, i.e., it is defined so that

• $P(a) = \varepsilon$, for $a \in E \setminus E_0$,

• $P(a) = a$, for $a \in E_0$, $P(\varepsilon) = \varepsilon$, and

• for $u, v \in E^*$, $P(uv) = P(u)P(v)$.

The inverse image of $P$, denoted by $P^{-1} : E_0^* \to 2^{E^*}$, is defined as

$$P^{-1}(a) = \{x \in E^* \mid P(x) = a\}.$$

These definitions are naturally extended to languages.

In what follows, given event sets $E_i$, $E_j$, $E_k$, we denote by $P^{i+j}_k$
the projection from $E_i \cup E_j$ to $E_k$, and by $P^{i}_{i \cap k}$ the
projection from $E_i$ to $E_i \cap E_k$. In addition, denote
$E_{i+j} = E_i \cup E_j$, for $i, j \in \{1, 2, k\}$. Let $E_u \subseteq E$ be the
set of uncontrollable events and denote by $E_{i,u} = E_u \cap E_i$, for
$i = 1, 2, k$, the corresponding sets of locally uncontrollable events. Then, as
mentioned above, $E_{i+j,u}$ denotes the set $E_{i+j} \cap E_u$.

Below, modular DES are considered. First, we recall that the synchronous
product (also called the parallel composition) of languages
$L_1 \subseteq E_1^*$ and $L_2 \subseteq E_2^*$ is defined by

$$L_1 \| L_2 = P_1^{-1}(L_1) \cap P_2^{-1}(L_2) \subseteq E^*,$$

where $P_i : E^* \to E_i^*$, for $i = 1, 2$, are natural projections to local
event sets.

The synchronous product can also be defined for generators. In this case, for
two generators $G_1$ and $G_2$, it is well known that
$L(G_1 \| G_2) = L(G_1) \| L(G_2)$ and
$L_m(G_1 \| G_2) = L_m(G_1) \| L_m(G_2)$. The reader is referred to [2] for more
details.

A controlled generator is a structure

$$(G, E_c, \Gamma),$$

where $G$ is a generator, $E_c \subseteq E$ is the set of controllable events,
$E_u = E \setminus E_c$ is the set of uncontrollable events, and

$$\Gamma = \{\gamma \subseteq E \mid E_u \subseteq \gamma\}$$

is the set of control patterns.

A supervisor for the controlled generator $(G, E_c, \Gamma)$ is a map
$S : L(G) \to \Gamma$.

A closed-loop system associated with the controlled generator
$(G, E_c, \Gamma)$ and the supervisor $S$ is defined as the smallest language
$L(S/G) \subseteq E^*$ which satisfies

1. $\varepsilon \in L(S/G)$,

2. if $s \in L(S/G)$, $sa \in L(G)$, and $a \in S(s)$, then also $sa \in L(S/G)$.

In the automata framework, where the supervisor is represented by a DES 
generator, the closed-loop system can be recast as a synchronous product of the 
supervisor and the plant because it follows from the form of the control patterns 
that the supervisor never disables uncontrollable events, i.e., all uncontrollable 
transitions are always enabled. This is known as admissibility of a supervisor. 
Hence, for an admissible supervisor S that controls the plant G, one can write 

$$L(S/G) = L(S) \| L(G).$$

The prefix closure $\overline{L}$ of a language $L$ is the set of all prefixes of
all its words. A language $L \subseteq E^*$ is said to be prefix-closed if
$L = \overline{L}$.

Definition 1. Let $L$ be a prefix-closed language over an event set $E$ with the
uncontrollable event set $E_u \subseteq E$. A language $K \subseteq E^*$ is
controllable with respect to $L$ and $E_u$ if

$$\overline{K} E_u \cap L \subseteq \overline{K}.$$

Given a prefix-closed specification language $K \subseteq E^*$, the goal of
supervisory control theory is to find a supervisor $S$ such that

$$L(S/G) = K.$$

It is known that such a supervisor exists if and only if $K$ is controllable [8].

Thus, for specifications that are not controllable, controllable sublanguages
are considered. The notation $\sup C(K, L, E_u)$ is chosen for the supremal
controllable sublanguage of $K$ with respect to $L$ and $E_u$. This supremal
controllable sublanguage always exists and equals the union of all controllable
sublanguages of $K$, see e.g. .



A modular DES is simply a synchronous product of two or more generators. 
Decentralized control synthesis of a modular DES is a procedure, where the 
control synthesis is carried out for each module or local subsystem. The global 
supervisor then formally consists of the synchronous product of local supervisors 
although that product is not computed in practice. In terms of behaviors, the 
optimal global control synthesis is represented by the closed-loop language 

$$\sup C(K, L, E_u) = \sup C(\|_{i=1}^{n} K_i, \|_{i=1}^{n} L_i, E_u).$$

Given a rational global specification language $K \subseteq E^*$, one can
theoretically always compute its supremal controllable sublanguage from which
the optimal (least restrictive) supervisor can be built. Such a global control
synthesis of a modular DES consists simply in computing the global plant and
then the control synthesis is carried out as described above.

Decentralized control synthesis means that the specification language $K$ is
replaced by

$$K_i = K \cap P_i^{-1}(L_i)$$

and the synthesis is done similarly as for local specifications or using the notion 
of partial controllability [4]. Note the difference with decentralized control of 
monolithic plants as studied in [11]. However, the purely decentralized control
synthesis is not always possible as the sufficient conditions under which it can be
used are quite restrictive. Therefore, we have proposed the coordination control
in [5] as a trade-off between the purely decentralized control synthesis, which
is in some cases unrealistic, and the global control synthesis, which is naturally 
prohibitive for complexity reasons. 

3 Concepts 

Coordination control for DES is inspired by the concept of conditional
independence of the theory of probability and of stochastic processes. Recall from [5]
that conditional independence is roughly captured by the event set condition, 
when every joint action (move) of local subsystems must be accompanied by 
a coordinator action. In this paper, after the architecture of the coordination 
scheme is recalled, a new necessary and sufficient condition on a specification 
language to be exactly achieved in this architecture is presented. 

In the coordination scheme, first a supervisor $S_k$ for the coordinator is
synthesized that takes care of the part $P_k(K)$ of the specification $K$. Then,
supervisors $S_i$, for $i = 1, 2$, are synthesized so that the remaining parts of
the specification, i.e., $P_{i+k}(K)$, are met by the new plant languages
$G_i \| (S_k/G_k)$, for $i = 1, 2$.

Definition 2. Consider three generators $G_1$, $G_2$, $G_k$. We call $G_1$ and
$G_2$ conditionally independent generators given $G_k$ if there is no
simultaneous move in both $G_1$ and $G_2$ without the coordinator $G_k$ being
also involved. This condition can be written as

$$E_r(G_1 \| G_2) \cap E_r(G_1) \cap E_r(G_2) \subseteq E_r(G_k),$$

where $E_r(G)$ denotes the set of all reachable symbols in $G$, see also J^j.

The concept is easily extended to the case of three or more generators. The 
corresponding concept in terms of languages follows. 

Definition 3. Consider event sets $E_1$, $E_2$, $E_k$ and languages
$L_1 \subseteq E_1^*$, $L_2 \subseteq E_2^*$, $L_k \subseteq E_k^*$. Languages
$L_1$ and $L_2$ are said to be conditionally independent given $L_k$ if

$$E_r(L_1 \| L_2) \cap E_1 \cap E_2 \subseteq E_k,$$

where $E_r(L)$ is the set of all (reachable) symbols occurring in words of $L$.

Definition 4. A language $K$ is said to be conditionally decomposable with
respect to event sets $(E_{1+k}, E_{2+k}, E_k)$ if

$$K = P_{1+k}(K) \| P_{2+k}(K) \| P_k(K).$$

It is not hard to prove that $K$ is conditionally decomposable if and only
if there are languages $M_1 \subseteq E_{1+k}^*$, $M_2 \subseteq E_{2+k}^*$,
$M_3 \subseteq E_k^*$ such that $K = M_1 \| M_2 \| M_3$, see the following lemma.

Lemma 5. A language $M \subseteq E^*$ is conditionally decomposable with respect
to event sets $(E_1, E_2, E_k)$ if and only if there exist languages
$M_i \subseteq E_i^*$, $i = 1, 2, k$, such that $M = M_1 \| M_2 \| M_k$.

Proof. Conditional decomposability means that
$M = P_1(M) \| P_2(M) \| P_k(M)$. Let $M_i = P_i(M)$, for $i = 1, 2, k$. Then the
sufficiency is proven. To prove the necessity, assume that there are languages
$M_i \subseteq E_i^*$, for $i = 1, 2, k$, such that $M = M_1 \| M_2 \| M_k$.
Obviously, $P_i(M) \subseteq M_i$, for $i = 1, 2, k$, which implies the inclusion
$P_k(M) \| P_1(M) \| P_2(M) \subseteq M$. As it holds that
$M \subseteq P_i^{-1} P_i(M)$, for $i = 1, 2, k$, the definition of synchronous
product implies that $M \subseteq P_k(M) \| P_1(M) \| P_2(M)$. Hence, the lemma
holds. □



4 Control synthesis of conditionally controllable 
languages 

Problem 6. Consider generators $G_1$, $G_2$, $G_k$ with event sets $E_1$,
$E_2$, $E_k$, respectively, and a prefix-closed specification language

$$K \subseteq L(G_1 \| G_2 \| G_k).$$

We assume that $K$ is prefix-closed because we only focus on controllability
issues in this paper, while nonblocking issues will be addressed in a future work.

Assume that the coordinator $G_k$ makes the two generators $G_1$ and $G_2$
conditionally independent, and that the specification language $K$ is
conditionally decomposable with respect to event sets
$(E_{1+k}, E_{2+k}, E_k)$.

The overall control task is divided into local subtasks and the coordinator
subtask. The coordinator takes care of its "part" of the specification, namely
$P_k(K)$. Otherwise stated, $S_k$ must be such that

$$L(S_k/G_k) \subseteq P_k(K).$$

Similarly, supervisors $S_1$ and $S_2$ take care of their corresponding "parts" of
the specification, namely $P_{i+k}(K)$, for $i = 1, 2$. Otherwise stated, $S_i$
must be such that

$$L(S_i/[G_i \| (S_k/G_k)]) \subseteq P_{i+k}(K),$$

for $i = 1, 2$.

The aim is to determine supervisors $S_1$, $S_2$, and $S_k$ for the respective
generators so that the closed-loop system with the coordinator is such that

$$L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L(S_2/[G_2 \| (S_k/G_k)]) \,\|\, L(S_k/G_k) = K. \qquad \diamond$$

Definition 7. Consider the setting of Problem 6. We call the specification
language $K \subseteq E^*$ conditionally controllable for generators
$(G_1, G_2, G_k)$ and locally uncontrollable event sets
$(E_{1+k,u}, E_{2+k,u}, E_{k,u})$ if

(i) $P_k(K) \subseteq E_k^*$ is controllable with respect to $L(G_k)$ and
$E_{k,u}$; equivalently,

$$P_k(K) E_{k,u} \cap L(G_k) \subseteq P_k(K).$$

(ii.a) the language $P_{1+k}(K) \subseteq (E_1 \cup E_k)^*$ is controllable with
respect to the language
$L(G_1) \| P_k(K) \| P_k^{2+k}(L(G_2) \| P_k(K))$ and $E_{1+k,u}$; equivalently,

$$P_{1+k}(K) E_{1+k,u} \cap L(G_1) \| P_k(K) \| P_k^{2+k}(L(G_2) \| P_k(K)) \subseteq P_{1+k}(K).$$

(ii.b) the language $P_{2+k}(K) \subseteq (E_2 \cup E_k)^*$ is controllable with
respect to the language
$L(G_2) \| P_k(K) \| P_k^{1+k}(L(G_1) \| P_k(K))$ and $E_{2+k,u}$; equivalently,

$$P_{2+k}(K) E_{2+k,u} \cap L(G_2) \| P_k(K) \| P_k^{1+k}(L(G_1) \| P_k(K)) \subseteq P_{2+k}(K).$$



The interpretation of the term after the intersection in (ii.a) is that the
effect of the subsystem $G_1$ in combination with the controlled coordinator
system $G_2 \| P_k(K)$ has to be taken into account when checking conditional
controllability.

Since $P_k(K)$ is controllable with respect to $L(G_k)$ and $E_{k,u}$, there
exists a supervisor $S_k$ such that

$$P_k(K) = L(S_k/G_k).$$

Note that the conditions of Definition 7 can be checked by classical
algorithms with low (polynomial) computational complexity for verification of
controllability as is directly clear from the definition.

However, the complexity of checking conditional controllability is much less
than that for the global system $G_1 \| G_2 \| G_k$. This is because instead of
checking controllability with the global specification and the global system, we
check it only on the corresponding projections to $E_{1+k}$ and $E_{2+k}$. The
projections are smaller when they satisfy the observer property (see
Definition 20 below).
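The conditions of Definitions 1, 4 and 7 can be evaluated directly when all languages are finite and prefix-closed. The Python code below is an added illustration, not part of the original paper; the plant languages, the specifications `K_NO_C`, `K_ORDERED`, `K_NO_A` and all function names are constructed for this example, and languages are stored as sets of event tuples rather than as generators.

```python
from functools import reduce

def prefix_closure(words):
    """All prefixes of the given words (a word is a tuple of event names)."""
    return {w[:i] for w in words for i in range(len(w) + 1)}

def project(lang, sigma):
    """Natural projection: erase every event that is not in sigma."""
    return {tuple(a for a in w if a in sigma) for w in lang}

def sync(x, y):
    """Synchronous product of two (language, event set) pairs.

    Both languages must be finite and prefix-closed. A word over e1 | e2 is
    kept iff its projection to e1 lies in l1 and its projection to e2 in l2.
    """
    (l1, e1), (l2, e2) = x, y
    result = set()
    # Each stack entry is (word, P1(word), P2(word)); start from the empty word.
    stack = [((), (), ())] if () in l1 and () in l2 else []
    while stack:
        w, p1, p2 = stack.pop()
        result.add(w)
        for a in e1 | e2:
            q1 = p1 + (a,) if a in e1 else p1
            q2 = p2 + (a,) if a in e2 else p2
            if q1 in l1 and q2 in l2:
                stack.append((w + (a,), q1, q2))
    return result, e1 | e2

def sync_all(*pairs):
    """Language of the synchronous product of several (language, events) pairs."""
    return reduce(sync, pairs)[0]

def controllable(k, plant, e_u):
    """Definition 1 for prefix-closed k: K E_u intersected with L is inside K."""
    return all(s + (a,) in k for s in k for a in e_u if s + (a,) in plant)

def conditionally_decomposable(k, e1k, e2k, ek):
    """Definition 4: K = P_{1+k}(K) || P_{2+k}(K) || P_k(K)."""
    parts = [(project(k, e), e) for e in (e1k, e2k, ek)]
    return sync_all(*parts) == k

def conditionally_controllable(k, g1, g2, gk, e_u):
    """Definition 7; g1, g2, gk are (L(G_i), E_i) pairs, k is prefix-closed."""
    lk, ek = gk
    pk = (project(k, ek), ek)
    if not controllable(pk[0], lk, e_u & ek):                 # condition (i)
        return False
    for (li, ei), (lj, ej) in ((g1, g2), (g2, g1)):           # (ii.a), (ii.b)
        # P_k^{j+k}( L(G_j) || P_k(K) ): the other subsystem seen through E_k
        other = (project(sync_all((lj, ej), pk), ek), ek)
        plant = sync_all((li, ei), pk, other)
        if not controllable(project(k, ei | ek), plant, e_u & (ei | ek)):
            return False
    return True

# Constructed sample data: G1 does "a" then "c", G2 does "b" then "c",
# and the coordinator only sees the shared event "c".
E1, E2, EK = {"a", "c"}, {"b", "c"}, {"c"}
G1 = (prefix_closure({("a", "c")}), E1)
G2 = (prefix_closure({("b", "c")}), E2)
GK = (prefix_closure({("c",)}), EK)

K_NO_C = prefix_closure({("a", "b"), ("b", "a")})   # forbid the shared event c
K_ORDERED = prefix_closure({("a", "b")})            # a must precede b
K_NO_A = prefix_closure({("b",)})                   # forbid the local event a

if __name__ == "__main__":
    print("global plant:", sorted(sync_all(G1, G2, GK)))
    for name, k in (("K_NO_C", K_NO_C), ("K_ORDERED", K_ORDERED), ("K_NO_A", K_NO_A)):
        print(name, "conditionally decomposable:",
              conditionally_decomposable(k, E1 | EK, E2 | EK, EK))
    for e_u in ({"a"}, {"c"}):
        print("E_u =", e_u, "K_NO_C conditionally controllable:",
              conditionally_controllable(K_NO_C, G1, G2, GK, e_u))
```

With $E_u = \{c\}$ the check fails already at condition (i), and `K_NO_A` with $E_u = \{a\}$ passes (i) but fails (ii.a), so the two kinds of violation can be told apart.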
4.1 Auxiliary results

In this section, we present several auxiliary results that are useful in the rest of
this paper. First, let us recall the following result proven in [10] showing when
a natural projection can be distributed over a synchronous product.

Lemma 8. Let $E_k \subseteq E = E_1 \cup E_2$ be event sets such that
$E_1 \cap E_2 \subseteq E_k$. Let $L_1 \subseteq E_1^*$ and
$L_2 \subseteq E_2^*$ be local languages. Let $P_k : E^* \to E_k^*$ be a natural
projection, then

$$P_k(L_1 \| L_2) = P^{1}_{1 \cap k}(L_1) \| P^{2}_{2 \cap k}(L_2).$$

An immediate consequence of Lemma 8 and the definition of synchronous
product is the following lemma proven in [3].

Lemma 9. Let $E_k \subseteq E = E_1 \cup E_2$ be event sets such that
$E_k = E_1 \cap E_2$. Let $L_1 \subseteq E_1^*$ and $L_2 \subseteq E_2^*$ be
local languages. Let $P_i : E^* \to E_i^*$ and $P_k^j : E_j^* \to E_k^*$ be
natural projections, for $i = 1, 2, k$ and $j = 1, 2$. Then, for
$\{i, j\} = \{1, 2\}$,

$$P_i(L_1 \| L_2) = L_i \cap (P_k^i)^{-1} P_k^j(L_j).$$

Lemma 10. Let $L \subseteq E^*$ be a language and $P_k : E^* \to E_k^*$ be a
natural projection with $E_k \subseteq E$, for some event set $E$. Then

$$L \| P_k(L) = L.$$

Proof. As $L \subseteq P_k^{-1} P_k(L)$, we obtain by the definition of the
synchronous product that $L \| P_k(L) = L \cap P_k^{-1} P_k(L) = L$. □

4.2 Control synthesis of conditionally controllable 
languages 

The following theorem presents the necessary and sufficient condition on a speci- 
fication language to be exactly achieved in the coordination control architecture. 

Theorem 11. Consider the setting of Problem 6. There exist supervisors $S_1$,
$S_2$, $S_k$ such that

$$L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L(S_2/[G_2 \| (S_k/G_k)]) \,\|\, L(S_k/G_k) = K \qquad (1)$$

if and only if the specification $K$ is conditionally controllable for generators
$(G_1, G_2, G_k)$ and locally uncontrollable event sets
$(E_{1+k,u}, E_{2+k,u}, E_{k,u})$.

Proof. To prove the sufficiency, let the specification language $K$ be
conditionally controllable for generators $(G_1, G_2, G_k)$ and locally
uncontrollable event sets $(E_{1+k,u}, E_{2+k,u}, E_{k,u})$. It must be checked
that (1) holds. However, as

$$K \subseteq L(G_1 \| G_2 \| G_k) \;\Rightarrow\; P_k(K) \subseteq L(G_k),$$

and $P_k(K)$ is controllable with respect to $L(G_k)$ and $E_{k,u}$, it follows
from [7] that there exists a supervisor $S_k$ over the event set $E_k$ such that

$$L(S_k/G_k) = P_k(K).$$

Next, consider the language

$$\begin{aligned}
& L(G_1) \| L(S_k/G_k) \cap (P_k^{1+k})^{-1} P_k^{2+k} L(G_2 \| (S_k/G_k)) \\
&\quad = L(G_1) \| L(S_k/G_k) \| P_k^{2+k} L(G_2 \| (S_k/G_k)),
\end{aligned}$$

by the definition of the synchronous product. Furthermore,

$$\begin{aligned}
K \subseteq L(G_1 \| G_2 \| G_k) \;\Rightarrow\; P_{1+k}(K)
 &\subseteq P_{1+k} L(G_1 \| G_2 \| G_k) \\
 &= P_{1+k}(L(G_1) \| L(G_k)) \,\|\, P^{2}_{k \cap 2} L(G_2), \quad \text{by Lemma 8} \\
 &= L(G_1) \| L(G_k) \| P^{2}_{k \cap 2} L(G_2).
\end{aligned}$$

Then,

$$P_{1+k}(K) \subseteq L(G_1) \| P^{2}_{k \cap 2} L(G_2) \| L(G_k)
\quad \text{and} \quad
P_{1+k}(K) \subseteq (P_k^{1+k})^{-1} P_k(K)$$

$$\Rightarrow$$

$$\begin{aligned}
P_{1+k}(K) &\subseteq L(G_1) \| P^{2}_{k \cap 2} L(G_2) \| L(G_k) \| P_k(K) \\
 &= L(G_1) \| P^{2}_{k \cap 2} L(G_2) \| L(G_k) \| L(S_k/G_k) \\
 &= L(G_1) \| P^{2}_{k \cap 2} L(G_2) \| L(S_k/G_k), \quad \text{by } L(G_k) \| L(S_k/G_k) = L(S_k/G_k), \\
 &= L(G_1) \| P^{2}_{k \cap 2} L(G_2) \| L(S_k/G_k) \| P_k(K) \\
 &= L(G_1) \| L(S_k/G_k) \| P_k^{2+k} L(G_2 \| (S_k/G_k)), \quad \text{by } P^{2}_{k \cap 2} L(G_2) \| P_k(K) = P_k^{2+k} L(G_2 \| (S_k/G_k)).
\end{aligned}$$

From the above relations and the assumption that the system is conditionally
controllable, it then follows that there exists a supervisor $S_1$ such that

$$L(S_1/[G_1 \| (S_k/G_k) \| P_k^{2+k}(G_2 \| (S_k/G_k))]) = P_{1+k}(K).$$

Because of Condition (ii.b) of Definition 7 a similar argument shows that there
exists a supervisor $S_2$ such that

$$L(S_2/[G_2 \| (S_k/G_k) \| P_k^{1+k}(G_1 \| (S_k/G_k))]) = P_{2+k}(K).$$

In addition,

$$\begin{aligned}
L(S_i/[G_i \| (S_k/G_k) \| P_k^{i+k}(G_i \| (S_k/G_k))])
 &= L(S_i) \| L(G_i \| (S_k/G_k)) \| P_k^{i+k} L(G_i \| (S_k/G_k)) \\
 &= L(S_i) \| L(G_i \| (S_k/G_k)), \quad \text{by Lemma 10,} \qquad (2) \\
 &= L(S_i/[G_i \| (S_k/G_k)]),
\end{aligned}$$


which follows from the properties of the synchronous product. It is now sufficient
to notice that

$$L(S_1/[G_1 \| (S_k/G_k) \| P_k^{2+k}(G_2 \| (S_k/G_k))]) \;\|\; L(S_2/[G_2 \| (S_k/G_k) \| P_k^{1+k}(G_1 \| (S_k/G_k))])$$

can be rewritten using the commutativity of the synchronous product exchanging
the third and the last component as

$$\begin{aligned}
& L(S_1) \| L(G_1 \| (S_k/G_k)) \| P_k^{1+k} L(G_1 \| (S_k/G_k)) \\
&\quad \| \; L(S_2) \| L(G_2 \| (S_k/G_k)) \| P_k^{2+k} L(G_2 \| (S_k/G_k))
\end{aligned}$$

which is reduced, using (2), to

$$\begin{aligned}
& L(S_1) \| L(G_1 \| (S_k/G_k)) \| L(S_2) \| L(G_2 \| (S_k/G_k)) \\
&\quad = L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L(S_2/[G_2 \| (S_k/G_k)]).
\end{aligned}$$

Finally, since $K$ is conditionally decomposable and equalities

$$\begin{aligned}
P_{1+k}(K) &= L(S_1/[G_1 \| (S_k/G_k) \| P_k^{2+k}(G_2 \| (S_k/G_k))]) \\
P_{2+k}(K) &= L(S_2/[G_2 \| (S_k/G_k) \| P_k^{1+k}(G_1 \| (S_k/G_k))]) \\
P_k(K) &= L(S_k/G_k)
\end{aligned}$$

are proven above, it follows that

$$\begin{aligned}
& L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L(S_2/[G_2 \| (S_k/G_k)]) \,\|\, L(S_k/G_k) \\
&\quad = P_{1+k}(K) \| P_{2+k}(K) \| P_k(K) = K.
\end{aligned}$$

Thus, the sufficiency is proven. 

To prove the necessity, projections $P_k$, $P_{1+k}$, $P_{2+k}$ will be applied
to Equality (1). Let us recall that since all the supervisors are admissible, the
closed-loop languages can be written as corresponding synchronous products. This
means that (1) can be rewritten as follows.

$$\begin{aligned}
K &= L(S_1) \| L(G_1) \| L(S_k) \| L(G_k) \| L(S_2) \| L(G_2) \| L(S_k) \| L(G_k) \| L(S_k) \| L(G_k) \\
  &= L(S_1) \| L(G_1) \| L(S_2) \| L(G_2) \| L(S_k) \| L(G_k),
\end{aligned}$$

which yields after projecting by $P_k$

$$\begin{aligned}
P_k(K) &= P_k(L(S_1) \| L(G_1) \| L(S_2) \| L(G_2) \| L(S_k) \| L(G_k)) \\
 &= L(S_k) \| L(G_k) \cap P_k(L(S_1) \| L(G_1) \| L(S_2) \| L(G_2)) \\
 &\subseteq L(S_k) \| L(G_k) \\
 &= L(S_k/G_k).
\end{aligned}$$

On the other hand, we always have $L(S_k/G_k) \subseteq P_k(K)$ because $S_k$ is
a supervisor that enforces the coordinator part of the specification $P_k(K)$.
Hence, we have that

$$L(S_k/G_k) = P_k(K),$$

which means according to the basic controllability theorem of supervisory
control that $P_k(K) \subseteq E_k^*$ is controllable with respect to $L(G_k)$
and $E_{k,u}$, i.e., (i) of the definition of conditional controllability is
satisfied.

Now, (ii.a) of conditional controllability will be shown; (ii.b) is a symmetric
condition. The application of $P_{1+k}$ to (1) yields

$$P_{1+k}(L(S_k/G_k) \| L(S_1/[G_1 \| (S_k/G_k)]) \| L(S_2/[G_2 \| (S_k/G_k)])) = P_{1+k}(K).$$

Since $E_{1+k} \cap E_{2+k} = E_k$,
$L(S_2) \| L(G_2 \| (S_k/G_k)) = L(S_2) \cap L(G_2 \| (S_k/G_k))$
because both components are over the same event set $E_{2+k}$, and the fact that
$P^{2+k}_{1+k} = P^{2+k}_{k}$ imply that

$$\begin{aligned}
P_{1+k}(K) &= L(S_k/G_k) \,\|\, L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, P_k^{2+k} L(S_2/[G_2 \| (S_k/G_k)]) \\
 &= L(S_k/G_k) \,\|\, L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, P_k^{2+k}(L(S_2) \| L(G_2 \| (S_k/G_k))) \\
 &\subseteq L(S_k/G_k) \,\|\, L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, P_k^{2+k} L(G_2 \| (S_k/G_k)) \\
 &\subseteq L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, P_k^{2+k} L(G_2 \| (S_k/G_k)) \\
 &\subseteq L(S_1/[G_1 \| (S_k/G_k)]).
\end{aligned}$$

Using again the fact that the closed-loop behavior under admissible
supervisors can be recast as a synchronous composition of the plant and the
supervisor, we finally get

$$L(S_1) \,\|\, L(G_1) \| L(S_k/G_k) \| P_k^{2+k} L(G_2 \| (S_k/G_k)) = P_{1+k}(K).$$

In this equality, the whole term
$G_1 \| (S_k/G_k) \| P_k^{2+k}(G_2 \| (S_k/G_k))$ after $L(S_1)$ can be taken as
a new plant. According to the basic controllability theorem of supervisory
control this equality implies that $P_{1+k}(K)$ is controllable with respect to
$L(G_1 \| (S_k/G_k) \| P_k^{2+k}(G_2 \| (S_k/G_k)))$ and $E_{1+k,u}$, i.e.,
(ii.a) of the definition of conditional controllability is satisfied, which was
to be shown. □

The interest in Theorem 11 is in the computational savings in the
computation of supervisors. The distributed way of constructing successively the
supervisors $S_1$, $S_2$, $S_k$ is much less complex than the construction of the
global supervisor for the system $G_1 \| G_2 \| G_k$.

Note that it is required that $L(S_k/G_k) \subseteq P_k(K)$. Similarly, it is
required that $L(S_i/[G_i \| (S_k/G_k)]) \subseteq P_{i+k}(K)$, for $i = 1, 2$.
Otherwise stated, we are looking for necessary conditions on global
specifications for having the maximal permissivity of the language resulting by
the application of the control scheme only in the (reasonable) case where safety
can be achieved by the supervisors $S_k$, $S_1$, and $S_2$. We have proven that in
such a case conditional controllability is necessary for the optimality (maximal
permitting). It is clear from the proof that for the sufficiency part we need not
assume the inclusions above (cf. [5]).

In practice it is more interesting to know when safety (i.e., inclusion) holds 
when applying the overall control scheme combining a coordinator with local 
supervisors. 

Similarly as in the monolithic case it may happen that the maximal accept- 
able behavior given by the specification language K is not achievable using the 
coordination control scheme. It follows from Theorem 11 that in our case such a
situation occurs whenever K is not conditionally controllable. A natural ques- 
tion is to find the best approximation from below: a conditionally controllable 
sublanguage. It turns out that the following result holds true. 

Theorem 12. The supremal conditionally controllable sublanguage of a given 
specification K always exists and is equal to the union of all conditionally con- 
trollable sublanguages of K . 

Proof. Similarly as for ordinary controllability it can be shown that conditional 
controllability is preserved by language unions. □ 

Example 13. Consider the following generators over the event sets

$$E_k = \{a, b, e, \varphi\} \subseteq E_1 \cup E_2 = \{a, d, e, \varphi\} \cup \{b, f, \varphi\},$$

where the set of controllable events is $E_c = \{e, b, \varphi\}$. Define

• $G_1 = (\{1, 2, 3, 4\}, \{a, d, e, \varphi\}, f_1, 1, \{1\})$ with the
transition function $f_1$ defined in Figure 1(a),

• $G_2 = (\{1, 2, 3\}, \{b, \varphi, f\}, f_2, 1, \{1\})$ with the transition
function $f_2$ defined in Figure 1(b), and

• the coordinator $G_k = (\{1, 2, 3\}, \{a, b, \varphi\}, f_k, 1, \{1\})$ with
$f_k$ defined in Figure 1(c).

Assume the specification $K$ is described by the DES generator

$$D = (\{1, 2, 3, 4, 5, 6, 7\}, \{a, b, d, f, \varphi\}, \delta, 1, \{1\}),$$

where $\delta$ is defined as in Figure 2.

It can be verified that $G_k$ makes $G_1$ and $G_2$ conditionally independent and
that the specification language $K$ is conditionally decomposable. In addition,
$P_k(K)$, $P_{1+k}(K)$, and $P_{2+k}(K)$ are controllable with respect to
languages $L(G_k)$, $L(G_1) \| P_k(K) \| P_k^{2+k}(L(G_2) \| P_k(K))$, and
$L(G_2) \| P_k(K) \| P_k^{1+k}(L(G_1) \| P_k(K))$, respectively. The automata
representations of supervisors $S_1$, $S_2$, and $S_k$ coincide with generators
$P_k(K)$, $P_{1+k}(K)$, and $P_{2+k}(K)$, respectively, see Figure 3.
Then, obviously,

$$L(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L(S_2/[G_2 \| (S_k/G_k)]) \,\|\, L(S_k/G_k) = K.$$

(a) Generator for $G_1$.

(b) Generator for $G_2$.

(c) Generator for $G_k$.

Figure 1: Generators for $G_1$, $G_2$, and $G_k$.

5 Supremal conditionally controllable 
sublanguages 

In this section, we present a procedure for the computation of the supremal
conditionally controllable sublanguage to a given specification language $K$.
Assume generators $G_1$, $G_2$, and $G_k$ are given. In what follows, we use the
notation $L_i = L(G_i)$, for $i = 1, 2, k$. Let
$\sup cC(K, L, (E_{1+k,u}, E_{2+k,u}, E_{k,u}))$ denote the supremal
conditionally controllable sublanguage of $K$ with respect to
$L = L(G_1 \| G_2 \| G_k)$ and uncontrollable event sets
$(E_{1+k,u}, E_{2+k,u}, E_{k,u})$. This approach is based on concepts from
hierarchical supervisory control, which is natural because the coordination
control can be seen as a combination of decentralized and hierarchical
supervisory control.

5.1 Auxiliary results and definitions 

First, additional results and definitions required in the rest of this paper are 
introduced. Several lemmas recall and deepen the knowledge concerning natural 
projections. Then, definitions of two important notions are recalled. 

Lemma 14. Let $E = E_1 \cup E_2$ and $E_k$ be event sets such that
$E_1 \cap E_2 \subseteq E_k$, and let $L_1 \subseteq E_1^*$ and
$L_2 \subseteq E_2^*$ be two languages. Let $P_k : E^* \to E_k^*$ be a natural
projection. Then,

$$P_k(L_1 \| L_2) = P_k^{1+k}(P_1^{1+k})^{-1}(L_1) \cap P_k^{2+k}(P_2^{2+k})^{-1}(L_2).$$

Figure 2: Generator for $D$.

(a) Generator for $P_k(K) = S_k$.

(b) Generator for $P_{1+k}(K) = S_1$.

(c) Generator for $P_{2+k}(K) = S_2$.

Figure 3: Generators for supervisors $S_k$, $S_1$, and $S_2$.

Proof. This follows from Lemma 8, the definition of the synchronous product,
and Proposition 4.2(6) in [3] showing the commutativity

$$(P^{k}_{i \cap k})^{-1} P^{i}_{i \cap k} = P^{i+k}_{k} (P^{i+k}_{i})^{-1},$$

for $i = 1, 2$. Specifically, in turn we have

$$\begin{aligned}
P_k(L_1 \| L_2) &= P^{1}_{1 \cap k}(L_1) \| P^{2}_{2 \cap k}(L_2) \\
 &= (P^{k}_{1 \cap k})^{-1} P^{1}_{1 \cap k}(L_1) \cap (P^{k}_{2 \cap k})^{-1} P^{2}_{2 \cap k}(L_2) \\
 &= P_k^{1+k}(P_1^{1+k})^{-1}(L_1) \cap P_k^{2+k}(P_2^{2+k})^{-1}(L_2),
\end{aligned}$$

which proves the lemma. □

Lemma 15. Let $E = E_1 \cup E_2$ and $E_k$ be event sets such that
$E_1 \cap E_2 \subseteq E_k$, and let $L_1 \subseteq E_1^*$,
$L_2 \subseteq E_2^*$, and $C_k \subseteq E_k^*$ be languages. Let
$P_k^{i+k} : (E_i \cup E_k)^* \to E_k^*$ be a natural projection. Then,

$$P_k^{i+k}(L_i \| C_k) = P_k^{i+k}(P_i^{i+k})^{-1}(L_i) \cap C_k.$$

Proof. This follows from Lemma 14. □



Lemma 16. Let $E' \subseteq E$ be two event sets. Let $M \subseteq E'^*$ be a
language, and let $P : E^* \to E'^*$ be a natural projection. Then $M$ is
prefix-closed if and only if $P^{-1}(M)$ is prefix-closed.

Proof. Assume that $P^{-1}(M)$ is prefix-closed. Let $w \in M$, then $P(w) = w$
and, therefore, $w \in P^{-1}(M)$. For each prefix $s$ of $w$,
$s \in P^{-1}(M)$. However, $P(s) = s \in M$. On the other hand, assume that $M$
is prefix-closed. Let $w \in P^{-1}(M)$ and $x$ be its prefix. Then $w = xy$, for
some $y \in E^*$, and $P(w) = P(x)P(y) \in M$. Thus, $P(x) \in M$, which implies
$x \in P^{-1}(M)$. □

The following lemma extending the definition of controllability is proven in 

Lemma 17. Let $K \subseteq L$ be two prefix-closed languages over an event set
$E$. Then $K$ is controllable with respect to $L$ and $E_u$ if and only if

$$K E_u^* \cap L \subseteq K.$$

Lemma 18. Let $E = E_1 \cup E_2$ be event sets, and let $L_1 \subseteq E_1^*$ and
$L_2 \subseteq E_2^*$ be two languages. Let $P_i : E^* \to E_i^*$ be natural
projections, for $i = 1, 2$. Let $A \subseteq E^*$ be a language such that
$P_1(A) \subseteq L_1$ and $P_2(A) \subseteq L_2$. Then

$$A \subseteq L_1 \| L_2.$$

Proof. As $A \subseteq P_i^{-1} P_i(A)$, for $i = 1, 2$, it follows that

$= P_1(A) \| P_2(A)$, by definition,

$\subseteq L_1 \| L_2$.

Hence, the lemma holds true. □

Lemma 19 (Transitivity of controllability). Let $K \subseteq L \subseteq M$ be
languages over an event set $E$ such that $K$ is controllable with respect to $L$
and $E_u$, and $L$ is controllable with respect to $M$ and $E_u$. Then $K$ is
controllable with respect to $M$ and $E_u$.

Proof. From the assumptions we know that

$$K E_u \cap L \subseteq K \quad \text{and} \quad L E_u \cap M \subseteq L$$

and we want to show that $K E_u \cap M \subseteq K$.
Assume that $s \in K$, $a \in E_u$, and $sa \in M$. Then, $K \subseteq L$ implies
that $s \in L$. As $sa \in M$, it follows from controllability of $L$ with respect
to $M$ that $sa \in L$. However, $sa \in L$ implies that $sa \in K$, by
controllability of $K$ with respect to $L$. Hence, the proof is complete. □

The following concepts 13] are required in the main result of this section. 
These concepts stem from hierarchical supervisory control [9]. It should
not be surprising that they play a role in our study, because coordination control 
can be seen as a particular instance of hierarchical control. 

Definition 20. The natural projection $P : E^* \to E_k^*$, where $E_k \subseteq E$ are event
sets, is an $L$-observer for $L \subseteq E^*$ if, for all $t \in P(L)$ and $s \in L$, if $P(s)$ is a
prefix of $t$, then there exists $u \in E^*$ such that $su \in L$ and $P(su) = t$.

Definition 21. The natural projection $P : E^* \to E_k^*$, where $E_k \subseteq E$ are event
sets, is output control consistent (OCC) for $L \subseteq E^*$ if for every $s \in L$ of the
form

$$s = \sigma_1\sigma_2\ldots\sigma_\ell \quad\text{or}\quad s = s'\sigma_0\sigma_1\ldots\sigma_\ell, \quad \ell \ge 1,$$

where $\sigma_0, \sigma_\ell \in E_k$ and $\sigma_i \in E \setminus E_k$, for $i = 1, 2, \ldots, \ell - 1$, if $\sigma_\ell \in E_u$, then
$\sigma_i \in E_u$, for all $i = 1, 2, \ldots, \ell - 1$.

5.2 Computation of supremal conditionally controllable sublanguages

Now, we can present the main result of this section, which gives a procedure for 
the computation of supremal conditionally controllable sublanguages. 

Theorem 22. Let $K$ and $L = L_1\|L_2\|L_k$ be two prefix-closed languages over
an event set $E = E_1 \cup E_2 \cup E_k$, where $L_i \subseteq E_i^*$, for $i = 1,2,k$, and let the
specification language $K$ be conditionally decomposable. Define the languages

$$\sup C_k = \sup C(P_k(K)\|P_k(L_1\|L_2)\|L_k,\ L_k,\ E_{k,u}),$$
$$\sup C_{1+k} = \sup C(P_{1+k}(K)\|L_1,\ L_1\|\sup C_k,\ E_{1+k,u}),$$
$$\sup C_{2+k} = \sup C(P_{2+k}(K)\|L_2,\ L_2\|\sup C_k,\ E_{2+k,u}).$$

Let the projection $P^{i+k}_k$ be an $(P^{i+k}_i)^{-1}(L_i)$-observer and OCC for the language
$(P^{i+k}_i)^{-1}(L_i)$, for $i = 1,2$. Then,

$$\sup C_k\|\sup C_{1+k}\|\sup C_{2+k} = \sup cC(K \cap L, L, (E_{1+k,u}, E_{2+k,u}, E_{k,u})).$$

Proof. First, let us define

$$M := \sup C_k\|\sup C_{1+k}\|\sup C_{2+k}$$

and

$$\sup cC := \sup cC(K \cap L, L, (E_{1+k,u}, E_{2+k,u}, E_{k,u})).$$

To prove the first inclusion, $M \subseteq \sup cC$, we show that

1. $M \subseteq K \cap L$ and

2. $M$ is conditionally controllable with respect to the language $L$ and
uncontrollable event sets $(E_{1+k,u}, E_{2+k,u}, E_{k,u})$.

1) First, notice that

$$M = \sup C_k\|\sup C_{1+k}\|\sup C_{2+k} \subseteq P_k(K)\|L_k\|P_{1+k}(K)\|L_1\|P_{2+k}(K)\|L_2$$
$$= \underbrace{P_k(K)\|P_{1+k}(K)\|P_{2+k}(K)}_{K}\ \|\ \underbrace{L_k\|L_1\|L_2}_{L}$$
$$= K \cap L$$

since $K$ is conditionally decomposable and $L = L_1\|L_2\|L_k$.

2) To prove that $M$ is conditionally controllable with respect to the language
$L$ and $(E_{1+k,u}, E_{2+k,u}, E_{k,u})$, we need to show the following three properties of
the definition:

(I) $P_k(M)E_{k,u} \cap L_k \subseteq P_k(M)$,

(II) $P_{1+k}(M)E_{1+k,u} \cap L_1\|P_k(M)\|P^{2+k}_k(L_2\|P_k(M)) \subseteq P_{1+k}(M)$,

(III) $P_{2+k}(M)E_{2+k,u} \cap L_2\|P_k(M)\|P^{1+k}_k(L_1\|P_k(M)) \subseteq P_{2+k}(M)$.

As the last two properties are similar, we prove only (II).
(I) To prove that $P_k(M)E_{k,u} \cap L_k \subseteq P_k(M)$ note that

$$P_k(M) = \sup C_k \cap P^{1+k}_k(\sup C_{1+k}) \cap P^{2+k}_k(\sup C_{2+k}),$$

which follows from Lemma 8 by replacing the synchronous product with the
intersection (which can be done because the components are over the same
event set).

Let $x \in P_k(M)$, then there exists $w \in M$ such that $P_k(w) = x$. Assume that
$a \in E_{k,u}$ is such that $xa \in L_k$. We need to show that

$$xa \in P_k(M).$$

As $x \in P_k(M) \subseteq \sup C_k$, it follows from controllability of $\sup C_k$ with respect
to $L_k$ and $E_{k,u}$ that

$$xa \in \sup C_k. \tag{3}$$

Thus, it remains to show that

$$xa \in P^{i+k}_k(\sup C_{i+k}), \tag{4}$$

for $i = 1,2$. To this end, note first that from the properties of natural projections
we have that

$$P_{1+k}(w) \in P_{1+k}(M) \subseteq \sup C_{1+k}, \tag{5}$$

and $a \in E_{k,u} \subseteq E_{1+k,u}$. Next, by the definition of the synchronous product we
obtain that

$$L_1\|\sup C_k = (P^{1+k}_1)^{-1}(L_1) \cap (P^{1+k}_k)^{-1}(\sup C_k). \tag{6}$$

Furthermore, $P^{1+k}_k(P_{1+k}(w)a) = xa \in \sup C_k$, which implies that $P_{1+k}(w)a \in
(P^{1+k}_k)^{-1}(\sup C_k)$. This and the fact that

$$\sup C_k \subseteq P_k(K)\|P_k(L_1\|L_2)$$
$$= P_k(K) \cap P_k(L_1\|L_2)$$
$$= P_k(K) \cap P^{1+k}_k(P^{1+k}_1)^{-1}(L_1) \cap P^{2+k}_k(P^{2+k}_2)^{-1}(L_2) \quad\text{by Lemma 14} \tag{7}$$

implies that

$$P^{1+k}_k(P_{1+k}(w)a) \in P^{1+k}_k(P^{1+k}_1)^{-1}(L_1). \tag{8}$$

In addition, it follows from (5) and the definition of $\sup C_{1+k}$ that

$$P_{1+k}(w) \in (P^{1+k}_1)^{-1}(L_1). \tag{9}$$



As $P^{1+k}_k(P_{1+k}(w))$ is obviously a prefix of $P^{1+k}_k(P_{1+k}(w)a)$, and $P^{1+k}_k$ is an
$(P^{1+k}_1)^{-1}(L_1)$-observer, we obtain that there exists $u \in E^*_{1+k}$ such that

$$P_{1+k}(w)ua \in (P^{1+k}_1)^{-1}(L_1) \tag{10}$$

and $P^{1+k}_k(P_{1+k}(w)ua) = P^{1+k}_k(P_{1+k}(w)a)$, which means that $u \in (E_1 \setminus E_k)^*$.

Since the language $L_1$ is prefix-closed, so is by Lemma 16 $(P^{1+k}_1)^{-1}(L_1)$. There-
fore, $P_{1+k}(w)u \in (P^{1+k}_1)^{-1}(L_1)$. Note that $P^{1+k}_k(P_{1+k}(w)u) = x \in \sup C_k$, i.e.,
$P_{1+k}(w)u \in (P^{1+k}_k)^{-1}(\sup C_k)$. By (6) we thus obtain that

$$P_{1+k}(w)u \in L_1\|\sup C_k. \tag{11}$$

As the natural projection $P^{1+k}_k$ is also OCC for $(P^{1+k}_1)^{-1}(L_1)$ and $P_{1+k}(w)ua$
satisfies that $a \in E_k$, $u \in (E_1 \setminus E_k)^*$, and $a \in E_u$, it follows that

As $P_{1+k}(w) \in \sup C_{1+k}$, $\sup C_{1+k}$ is controllable with respect to $L_1\|\sup C_k$
and $E_{1+k,u}$, and $P_{1+k}(w)u \in L_1\|\sup C_k$, Lemma 17 (extended controllability)
implies that

$$P_{1+k}(w)u \in \sup C_{1+k}. \tag{12}$$

Recall that $P_{1+k}(w)ua \in (P^{1+k}_1)^{-1}(L_1)$ is satisfied by (10).
As we also have $P^{1+k}_k(P_{1+k}(w)ua) = xa \in \sup C_k$, by (3), we obtain by (6)
that $P_{1+k}(w)ua \in L_1\|\sup C_k$, which implies by controllability of $\sup C_{1+k}$ with
respect to the language $L_1\|\sup C_k$ and $E_{1+k,u}$ that $P_{1+k}(w)ua \in \sup C_{1+k}$, i.e.,

$$xa = P^{1+k}_k(P_{1+k}(w)ua) \in P^{1+k}_k(\sup C_{1+k}).$$

Analogously, we can prove that $xa \in P^{2+k}_k(\sup C_{2+k})$, which proves (4). Thus,

$$xa \in P_k(M),$$

which was to be shown.

(II) Now, we show the other property, namely

$$P_{1+k}(M)E_{1+k,u} \cap L_1\|P_k(M)\|P^{2+k}_k(L_2\|P_k(M)) \subseteq P_{1+k}(M).$$

First, note that by Lemma 9 and the definition of synchronous product we
obtain that

$$P_{1+k}(M) = (P^{1+k}_k)^{-1}(\sup C_k) \cap \sup C_{1+k} \cap (P^{1+k}_k)^{-1}P^{2+k}_k(\sup C_{2+k}).$$

Assume that $x \in P_{1+k}(M)$. This holds if and only if there exists $w \in M$ such that
$P_{1+k}(w) = x$. Then $x \in \sup C_{1+k}$. Let there exist $a \in E_{1+k,u}$ such that

$$xa \in L_1\|P_k(M)\|P^{2+k}_k(L_2\|P_k(M)). \tag{13}$$

We need to show that

$$xa \in P_{1+k}(M). \tag{14}$$

As $P_k(M) \subseteq \sup C_k$, it follows that

$$L_1\|P_k(M)\|P^{2+k}_k(L_2\|P_k(M)) \subseteq L_1\|\sup C_k\|P^{2+k}_k(L_2\|\sup C_k). \tag{15}$$

From controllability of $\sup C_{1+k}$ with respect to $L_1\|\sup C_k$ and $E_{1+k,u}$, and
because of the following inclusion $L_1\|\sup C_k\|P^{2+k}_k(L_2\|\sup C_k) \subseteq L_1\|\sup C_k$,
we obtain that

$$xa \in \sup C_{1+k}. \tag{16}$$

However, we also know that

$$P_k(w) \in P_k(M) \subseteq \sup C_k \quad\text{(see above)}$$

and

$$P_{2+k}(w) \in P_{2+k}(M) \subseteq \sup C_{2+k}.$$

(A) On one hand, if $a \in E_1 \setminus E_k$, then because $P^{1+k}_k(xa) = P_k(wa) = P_k(w)$,
we obtain that $P^{1+k}_k(xa) \in \sup C_k$, and because $P^{1+k}_k(xa) = P^{2+k}_k P_{2+k}(wa) =
P^{2+k}_k P_{2+k}(w)$, we obtain that $P^{1+k}_k(xa) \in P^{2+k}_k(\sup C_{2+k})$. Hence, for $a \in
E_1 \setminus E_k$ we have shown that

$$xa \in P_{1+k}(M),$$

which was to be shown.

(B) On the other hand, if $a \in E_1 \cap E_k$, then

$$xa \in L_1\|P_k(M) \Rightarrow P^{1+k}_k(xa) \in P_k(M) \subseteq \sup C_k. \tag{17}$$

Thus, $xa \in (P^{1+k}_k)^{-1}(\sup C_k)$ is satisfied, and it remains to show that

$$xa \in (P^{1+k}_k)^{-1}P^{2+k}_k(\sup C_{2+k}). \tag{18}$$

However, from (13) and Lemma 15 it follows that

$$P^{1+k}_k(xa) \in P^{2+k}_k(P^{2+k}_2)^{-1}(L_2) \cap P_k(M). \tag{19}$$

In addition, we have from the definition of $\sup C_{2+k}$ that

$$P_{2+k}(w) \in (P^{2+k}_2)^{-1}(L_2). \tag{20}$$



As $P^{2+k}_k(P_{2+k}(w))$ is obviously a prefix of $P^{2+k}_k(P_{2+k}(w)a)$, $P^{2+k}_k(P_{2+k}(w)a) =
P^{1+k}_k(x)a \in P_k(M) \subseteq \sup C_k \subseteq P^{2+k}_k(P^{2+k}_2)^{-1}(L_2)$, and the projection $P^{2+k}_k$ is
an $(P^{2+k}_2)^{-1}(L_2)$-observer, there is $u \in E^*_{2+k}$ such that

$$P_{2+k}(w)ua \in (P^{2+k}_2)^{-1}(L_2) \tag{21}$$

with $P^{2+k}_k(P_{2+k}(w)ua) = P^{2+k}_k(P_{2+k}(w)a)$, i.e., $u \in (E_2 \setminus E_k)^*$. Since the
language $L_2$ is prefix-closed, so is by Lemma 16 the language $(P^{2+k}_2)^{-1}(L_2)$.
Therefore, $P_{2+k}(w)u \in (P^{2+k}_2)^{-1}(L_2)$ is satisfied. Furthermore, note that
$P^{2+k}_k(P_{2+k}(w)u) = P^{1+k}_k(x) \in P_k(M) \subseteq \sup C_k$ means that $P_{2+k}(w)u \in
(P^{2+k}_k)^{-1}(\sup C_k)$. Together, we have by the definition of synchronous prod-
uct that

$$P_{2+k}(w)u \in L_2\|\sup C_k. \tag{22}$$

As the projection $P^{2+k}_k$ is also OCC for $(P^{2+k}_2)^{-1}(L_2)$, and $P_{2+k}(w)ua$ satisfies
that $a \in E_k$, $u \in (E_2 \setminus E_k)^*$, and $a \in E_u$, it follows that

$$u \in E_u^*.$$

Since $P_{2+k}(w) \in \sup C_{2+k}$, $\sup C_{2+k}$ is controllable with respect to $L_2\|\sup C_k$
and $E_{2+k,u}$, and $P_{2+k}(w)u \in L_2\|\sup C_k$ is satisfied, Lemma 17 implies that

$$P_{2+k}(w)u \in \sup C_{2+k}. \tag{23}$$

Finally, since $P^{2+k}_k(P_{2+k}(w)ua) = P^{1+k}_k(x)a \in P_k(M) \subseteq \sup C_k$ by (19), it fol-
lows by this, (21), and the definition of synchronous product that $P_{2+k}(w)ua \in
L_2\|\sup C_k$. From this and controllability of $\sup C_{2+k}$ with respect to $L_2\|\sup C_k$
and $E_{2+k,u}$, it follows that $P_{2+k}(w)ua \in \sup C_{2+k}$, i.e.,

$$P^{1+k}_k(x)a = P^{2+k}_k(P_{2+k}(w)ua) \in P^{2+k}_k(\sup C_{2+k}),$$

which proves (18). Thus,

$$xa \in P_{1+k}(M)$$

which was to be shown.

(III) The case $P_{2+k}(M)E_{2+k,u} \cap L_2\|P_k(M)\|P^{1+k}_k(L_1\|P_k(M)) \subseteq P_{2+k}(M)$ is
proven analogously to the previous one.

Hence, we have shown that $M$ is conditionally controllable with respect to
$L = L_1\|L_2\|L_k$ and $(E_{1+k,u}, E_{2+k,u}, E_{k,u})$ and, thus,

$$M \subseteq \sup cC.$$

To prove the opposite inclusion, $\sup cC \subseteq M$, by Lemma 18 it is sufficient
to show that

• $P_k(\sup cC) \subseteq \sup C_k$ and

• $P_{i+k}(\sup cC) \subseteq \sup C_{i+k}$, for $i = 1,2$.

To prove this note that $P_k(\sup cC) \subseteq P_k(L) = P_k(L_1\|L_2) \cap L_k$, where the last
equality is by using Lemma 9 and that also $P_k(\sup cC) \subseteq P_k(K)$. Thus, we
have

$$P_k(\sup cC) \subseteq P_k(K) \cap L_k \cap P_k(L_1\|L_2) = P_k(K)\|L_k\|P_k(L_1\|L_2).$$

As, in addition, $P_k(\sup cC)$ is controllable with respect to $L_k$ and $E_{k,u}$,

$$P_k(\sup cC) \subseteq \sup C_k$$

is satisfied. Further, $P_{1+k}(\sup cC) \subseteq P_{1+k}(K)$ and $P_{1+k}(\sup cC) \subseteq P_{1+k}(L) \subseteq
L_1\|L_k$, which implies that

$$P_{1+k}(\sup cC) \subseteq P_{1+k}(K)\|L_1.$$



We know that the language $P_{1+k}(\sup cC)$ is controllable with respect to the
language $L_1\|P_k(\sup cC)\|P^{2+k}_k(L_2\|P_k(\sup cC))$ and $E_{1+k,u}$. Recall that by (7)

$$P_k(\sup cC) \subseteq \sup C_k \subseteq P^{2+k}_k(P^{2+k}_2)^{-1}(L_2).$$

Next, the following holds:

$$L_1\|P_k(\sup cC)\|P^{2+k}_k(L_2\|P_k(\sup cC))$$
$$= L_1\|P_k(\sup cC)\|P_k(\sup cC) \cap P^{2+k}_k(P^{2+k}_2)^{-1}(L_2)$$
$$= L_1\|P_k(\sup cC)\|P_k(\sup cC)$$
$$= L_1\|P_k(\sup cC).$$

Since $P_k(\sup cC)$ is controllable with respect to $L_k$ and $E_{k,u}$, it is also control-
lable with respect to $\sup C_k \subseteq L_k$ and $E_{k,u}$. As $P_{1+k}(\sup cC)$ is controllable
with respect to $L_1\|P_k(\sup cC)$ and $E_{1+k,u}$, and $L_1\|P_k(\sup cC)$ is controllable
with respect to $L_1\|\sup C_k$ and $E_{1+k,u}$ by Proposition 4.6 in [3] (since all the
languages under consideration are prefix-closed), it follows by Lemma 19 that
$P_{1+k}(\sup cC)$ is controllable with respect to $L_1\|\sup C_k$ and $E_{1+k,u}$, which im-
plies that

$$P_{1+k}(\sup cC) \subseteq \sup C_{1+k}.$$

The case of the property (ii.b) is proven analogously. Hence, we have proven
that

$$\sup cC \subseteq M$$

and the proof is complete. □

Note that if we know that the specification language K is included in the 
global language L, the computation can be simplified as shown in the following 
corollary. 

Corollary 23. Let $K \subseteq L = L_1\|L_2\|L_k$ be two prefix-closed languages over
an event set $E = E_1 \cup E_2 \cup E_k$, where $L_i \subseteq E_i^*$, for $i = 1,2,k$, and let $K$ be
conditionally decomposable. Define the languages

$$\sup C_k = \sup C(P_k(K),\ L_k,\ E_{k,u}),$$
$$\sup C_{1+k} = \sup C(P_{1+k}(K),\ L_1\|\sup C_k,\ E_{1+k,u}),$$
$$\sup C_{2+k} = \sup C(P_{2+k}(K),\ L_2\|\sup C_k,\ E_{2+k,u}).$$

Let the natural projection $P^{i+k}_k$ be an $(P^{i+k}_i)^{-1}(L_i)$-observer and OCC for the
language $(P^{i+k}_i)^{-1}(L_i)$, for $i = 1,2$. Then

$$\sup C_k\|\sup C_{1+k}\|\sup C_{2+k} = \sup cC(K, L, (E_{k,u}, E_{1+k,u}, E_{2+k,u})).$$

Proof. If $K \subseteq L$, then

$$P_k(K) \subseteq P_k(L)$$
$$= P_k(L_1\|L_2\|L_k)$$
$$= P_k(L_1\|L_2)\|L_k, \quad\text{by Lemma 8.}$$

From $L_1\|L_2\|L_k = P_1^{-1}(L_1) \cap P_2^{-1}(L_2) \cap P_k^{-1}(L_k)$ we also have that

$$P_{i+k}(K) \subseteq P_{i+k}(P_i^{-1}(L_i)) = (P^{i+k}_i)^{-1}(L_i),$$

for $i = 1,2$. Since $P_k(K) \subseteq P_k(L_1\|L_2)\|L_k$ and $P_{i+k}(K) \subseteq (P^{i+k}_i)^{-1}(L_i)$, for
$i = 1, 2$, the proof then follows from the previous theorem. □

In addition to the procedure for computation of sup cC in a distributed way, 
another consequence of the theorem above is interesting. Namely, under the 
conditions of Theorem 22 supcC is conditionally decomposable (cf. Lemmapl. 



Even more, the supremal conditionally controllable sublanguage is control- 
lable with respect to the global plant as we show below and, consequently, 
the supremal conditionally controllable sublanguage is included in the global 
supremal controllable sublanguage. This is not a surprise because the language 
synthesized using the coordination architecture is more restrictive than the lan- 
guage synthesized using (monolithic) supervisory control of the global plant. 
Theorem 24. In the setting of Corollary 23 we have that

$$\sup cC(K, L, (E_{k,u}, E_{1+k,u}, E_{2+k,u}))$$

is controllable with respect to $L$ and $E_u$, i.e.,

$$\sup cC(K, L, (E_{k,u}, E_{1+k,u}, E_{2+k,u})) \subseteq \sup C(K, L, E_u).$$

Proof. It is sufficient to show that

$$\sup cC := \sup cC(K, L, (E_{k,u}, E_{1+k,u}, E_{2+k,u}))$$

is controllable with respect to $L = L_1\|L_2\|L_k$ and $E_u$. Notice that there exist
$\sup C_k \subseteq E_k^*$, $\sup C_{1+k} \subseteq E_{1+k}^*$, and $\sup C_{2+k} \subseteq E_{2+k}^*$ as defined in Corollary 23
so that

$$\sup cC = \sup C_k\|\sup C_{1+k}\|\sup C_{2+k}.$$

In addition, we know that

• $\sup C_k$ is controllable with respect to $L_k$ and $E_{k,u}$,

• $\sup C_{1+k}$ is controllable with respect to $L_1\|\sup C_k$ and $E_{1+k,u}$,

• $\sup C_{2+k}$ is controllable with respect to $L_2\|\sup C_k$ and $E_{2+k,u}$.

By Proposition 4.6 in [3] (since all the languages under consideration are prefix-
closed)

$$\sup cC = \sup C_k\|\sup C_{1+k}\|\sup C_{2+k}$$

is controllable with respect to

$$L_k\|(L_1\|\sup C_k)\|(L_2\|\sup C_k) = L\|\sup C_k$$

and $E_u$. Analogously, we can obtain that $L\|\sup C_k$ is controllable with respect
to $L\|L_k = L$ and $E_u$. Finally, by the transitivity of controllability, Lemma 19,
we obtain that $\sup cC$ is controllable with respect to $L$ and $E_u$, which was to
be shown. □

The previous theorem demonstrates that the result of our approach shown
in Theorem 22 is always controllable with respect to $L$ and $E_u$. Now, we show
that if some additional conditions are also satisfied, then the resulting supre-
mal conditionally controllable sublanguage constructed in Theorem 22 is also
optimal, i.e., it coincides with the supremal controllable sublanguage of $K$ with
respect to $L$ and $E_u$.

The following result concerning observer properties is proven in [3, Proposi-
tion 4.5].

Lemma 25. Let $L_i \subseteq E_i^*$, $i = 1,2$, be two (prefix-closed) languages, and let
$P_i : (E_1 \cup E_2)^* \to E_i^*$, where $i = 1,2,k$ and $E_k \subseteq E_1 \cup E_2$, be natural projections.
If $E_1 \cap E_2 \subseteq E_k$ and $P_{k\cap i}$ is an $L_i$-observer, for $i = 1,2$, then the projection $P_k$
is an $L_1\|L_2$-observer.
In the following lemma, we prove that conditions of Theorem 22 imply that
the projection $P_k$ is OCC for $L$.

Lemma 26. Let $L_i \subseteq E_i^*$, $i = 1,2$, be two (prefix-closed) languages, and let
$P_i : (E_1 \cup E_2)^* \to E_i^*$, where $i = 1, 2, k$ and $E_k \subseteq E_1 \cup E_2$, be natural projections.
Denote by $E_u \subseteq E_1 \cup E_2$ the set of uncontrollable events. If $E_1 \cap E_2 \subseteq E_k$ and
$P^{i+k}_k$ is OCC for $(P^{i+k}_i)^{-1}(L_i)$, for $i = 1,2$, then the natural projection $P_k$ is
OCC for $L = L_1\|L_2\|L_k$.

Proof. Let $s \in L$ be of the form $s = s'\sigma_0\sigma_1\ldots\sigma_{k-1}\sigma_k$ for some $k \ge 1$, and
assume that $\sigma_0, \sigma_k \in E_k$, $\sigma_i \in E \setminus E_k$, for $i = 1,2,\ldots,k-1$, and $\sigma_k \in E_u$.
We need to show that $\sigma_i \in E_u$, for all $i = 1, 2, \ldots, k-1$. However, $P_{i+k}(s) =
P_{i+k}(s')\sigma_0 P_{i+k}(\sigma_1\ldots\sigma_{k-1})\sigma_k \in (P^{i+k}_i)^{-1}(L_i)$ and the OCC property implies
that $P_{i+k}(\sigma_1\ldots\sigma_{k-1}) \in E_u^*$, for $i = 1,2$. Consider $\sigma \in \{\sigma_1, \sigma_2, \ldots, \sigma_{k-1}\}$.
Then, $\sigma \in (E_1 \cup E_2) \setminus E_k$. Without loss of generality, assume that $\sigma \in E_1$. Then,
$P_{1+k}(\sigma) = \sigma \in E_u$ and $P_{2+k}(\sigma) = \varepsilon \in E_u^*$. Thus, $\{\sigma_1, \sigma_2, \ldots, \sigma_{k-1}\} \subseteq E_u$,
which was to be shown. □

Theorem 27. Consider the setting of Corollary 23. If, in addition, $L_k \subseteq P_k(L)$
and $P_{i+k}$ is OCC for the language $P_{i+k}^{-1}(L_i\|L_k)$, for $i = 1,2$, then

$$\sup cC(K, L, (E_{k,u}, E_{1+k,u}, E_{2+k,u})) = \sup C(K, L, E_u).$$

Proof. The inclusion $\subseteq$ is proven in Theorem 24. Thus, we prove the other
inclusion.

From the assumptions,

$P^{i+k}_k$ is the $(P^{i+k}_i)^{-1}(L_i)$-observer, for $i = 1,2$,

and

$P^k_k$ is an $L_k$-observer

because the observer property always holds for the identity projection.
Now, Lemma 25 applied to projections $P^{1+k}_k$ and $P^{2+k}_k$ implies that

$P_k$ is an $(P^{1+k}_1)^{-1}(L_1)\|(P^{2+k}_2)^{-1}(L_2) = L_1\|L_2$-observer.

Another application of this lemma to projections $P_k$ and $P^k_k$ implies that

$P_k$ is an $(L_1\|L_2)\|L_k = L$-observer.

In addition, by Lemma 26 the projection $P_k$ is also OCC for $L$. For short,
denote

$$\sup C := \sup C(K, L, E_u).$$

We now prove that $P_k(\sup C)$ is controllable with respect to $L_k$ and $E_{k,u}$. To
do this, assume that $t \in P_k(\sup C)$, $a \in E_{k,u}$, and $ta \in L_k \subseteq P_k(L)$. Then,
there exists $s \in \sup C$ such that $P_k(s) = t$. As $P_k$ is the $L$-observer, there exists
$v \in E^*$ such that $sv \in L$ and

$$P_k(sv) = P_k(s)P_k(v) = ta,$$

i.e., $v = ua$, for some $u \in (E \setminus E_k)^*$. Furthermore, from the OCC property of

$$u \in E_u^*.$$

From controllability of $\sup C$ with respect to $L$ and $E_u$, this implies that $sua \in
\sup C$, which means that $P_k(sua) = ta \in P_k(\sup C)$. Hence, (i) of Definition 7
is satisfied.

Next, we have that 

Pill: (identities) are the ( j P/ + ' c )" 1 ( J L 4 )-observers, for i = 1,2, 

and that 

P]ll = P l k +k is the (^ +fc )- 1 (^ l )-observer, for {», j} = {1, 2}, and 



j+k ~ ± k 

k = r i+k 

-}i+k pj+k 



Pt = PK k is the Lfe-observer, for i — 1,2. 



Then, similarly as above, Lemma 25 applied to projections P?i , Pf i , j ^ i, 
and P/i/. implies that the projections 

$P_{i+k}$ are $L$-observers, for $i = 1, 2$.

Thus, to prove (ii) of Definition 7 assume that, for some $1 \le i \le 2$,

• $t \in P_{i+k}(\sup C)$,

• $a \in E_{i+k,u}$, and

• $ta \in L_i\|P_k(\sup C)\|P^{j+k}_k(L_j\|P_k(\sup C))$, for $j \ne i$.

Then, there exists $s \in \sup C$ such that $P_{i+k}(s) = t$. As $P_{i+k}$ is the $L$-observer,
and

$$L_i\|P_k(\sup C)\|P^{j+k}_k(L_j\|P_k(\sup C)) \subseteq P_{i+k}(L) = L_i\|L_k\|P^{j+k}_k(L_j\|L_k), \quad j \ne i,$$

because

$$P_k(\sup C) \subseteq P_k(K) \subseteq P_k(L) \subseteq L_k,$$

there exists $v \in E^*$ such that $sv \in L$ and

$$P_{i+k}(sv) = P_{i+k}(s)P_{i+k}(v) = ta,$$

i.e., $v = ua$, for some $u \in (E \setminus E_{i+k})^*$. Since $P_{i+k}$ is OCC for $P_{i+k}^{-1}(L_i\|L_k)$ and
$sua \in L \subseteq P_{i+k}^{-1}(L_i\|L_k)$, we obtain that $u \in E_u^*$. Finally, from the controllability
of $\sup C$ with respect to $L$ and $E_u$, we obtain that $sua \in \sup C$. This means
that $P_{i+k}(sua) = ta \in P_{i+k}(\sup C)$, which was to be shown. □

Remark 28. Note that it is sufficient to assume that $P_{i+k}$ is OCC for $L$. This
assumption is less restrictive than the one used in the theorem. Unfortunately,
we do not know how to verify this property without computing the whole plant $L$.
On the other hand, if $P_{i+k}$ is OCC for $P^{-1}(L_i)$, for $i = 1,2$, then the theorem
holds as well.

Furthermore, for the verification of $L_k \subseteq P_k(L)$, we can use the property
that $P_k(L) = P_k(L_1) \cap P_k(L_2) \cap L_k \subseteq L_k$. Thus, $L_k \subseteq P_k(L)$ if and only if
$L_k \subseteq P_k(L_i)$, for $i = 1,2$.

5.3 An example 

In this section, we demonstrate our approach on an example. To do this, let
$G = G_1\|G_2$ be a system defined over an event set $E = \{a_1, a_2, c, u, u_1, u_2\}$ as a
synchronous composition of systems $G_1$ and $G_2$ defined in Figure 4, where the
set of uncontrollable events is $E_u = \{u, u_1, u_2\}$. The behaviors of these systems
follow,

$$L(G_1) = \{cu_1, a_1u\}, \quad L(G_2) = \{cu_2, a_2u\}$$

and

$$L(G) = \{a_1a_2u, a_2a_1u, cu_1u_2, cu_2u_1\}.$$

(c) Coordinator.

Figure 4: Generators for $G_1$, $G_2$, and the coordinator.

The specification language

$$K = \{a_2a_1, a_1a_2u, cu_1u_2, cu_2u_1\}$$

is defined by the generator in Figure 5.

Figure 5: Generator for the specification language $K$.

Now, we need to find a coordinator, i.e., specifically its event set $E_k$. Note
that $E_k$ has to contain both shared events $c$ and $u$. In addition, to make $K$
conditionally decomposable, at least one of $a_1$ and $a_2$ has to be added to $E_k$.
Thus, we have ensured that $K$ is conditionally decomposable.

Furthermore, the natural projections must satisfy observer and OCC prop-
erties. If $a_i \notin E_k$, for some $i \in \{1, 2\}$, then $P^{i+k}_k$ is not OCC for $(P^{i+k}_i)^{-1}(L_i)$.
Thus,

$$E_k = \{a_1, a_2, c, u\}.$$

Moreover, as we consider prefix-closed languages in this paper, and the co-
ordinator plays a role in blocking issues, we choose the coordinator so that its
behavior $L_k$ does not change the original system when composed together, i.e.,

$$L(G_1\|G_2)\|L_k = L(G_1\|G_2)$$

is satisfied, see Figure 4. Our choice is thus

$$L_k = L(P^{1}_{1\cap k}(G_1)\|P^{2}_{2\cap k}(G_2)),$$

which means that $L_k = \{c, a_1a_2u, a_2a_1u\}$. The projections of $K$ are then the
following languages:

• $P_k(K) = \{a_2a_1, c, a_1a_2u\}$,

• $P_{1+k}(K) = \{a_1a_2u, a_2a_1, cu_1\}$, and

• $P_{2+k}(K) = \{a_1a_2u, a_2a_1, cu_2\}$.

As mentioned above, it can be verified that the natural projections $P^{i+k}_k$ are
$(P^{i+k}_i)^{-1}(L_i)$-observers and OCC for the same language, for $i = 1, 2$. Therefore,
we can compute the languages

• $\sup C_k = \{a_2, c, a_1a_2u\}$,

• $\sup C_{1+k} = \{a_1a_2u, a_2, cu_1\}$,

• $\sup C_{2+k} = \{a_1a_2u, a_2, cu_2\}$,

as defined in Theorem 22, whose synchronous product

$$\sup C_k\|\sup C_{1+k}\|\sup C_{2+k} = \{a_1a_2u, a_2, cu_1u_2, cu_2u_1\}$$

is the supremal conditionally controllable sublanguage of $K$, which is control-
lable by Theorem 24. However, it can be verified that in this case the resulting
language coincides with the supremal controllable sublanguage of $K$ with re-
spect to $L(G)$ and $E_u$. Thus, using our approach, we have computed not only
a controllable sublanguage of $K$, but the supremal one.

Finally, note that the languages involved are not mutually controllable [8],
therefore the approach discussed in [5] cannot be used in this situation.
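
The computation of this example can be replayed on finite languages; the following Python sketch is an added example, not code from the paper, and all function names in it are hypothetical. It assumes that each listed set denotes the prefix closure of its words, that $E_1 = \{a_1, c, u, u_1\}$ and $E_2 = \{a_2, c, u, u_2\}$ (read off from the listed behaviors of $G_1$ and $G_2$), and that the specification is intersected with the plant before uncontrollable extensions are pruned, under which the intermediate languages come out as listed above.

```python
# Added example: finite prefix-closed languages as sets of event tuples.

def lang(*words):
    """Prefix closure of the given words (events separated by spaces)."""
    return {tuple(w.split()[:i]) for w in words for i in range(len(w.split()) + 1)}

def project(language, alphabet):
    """Natural projection: erase every event outside `alphabet`."""
    return {tuple(e for e in w if e in alphabet) for w in language}

def sync(l1, e1, l2, e2):
    """Synchronous product L1 || L2, built word by word from the empty word."""
    result, frontier = {()}, [()]
    while frontier:
        w = frontier.pop()
        for e in e1 | e2:
            v = w + (e,)
            # v belongs to the product iff both projections stay in their language
            if project({v}, e1) <= l1 and project({v}, e2) <= l2:
                result.add(v)
                frontier.append(v)
    return result

def sup_c(spec, plant, unc):
    """Supremal controllable sublanguage of spec & plant w.r.t. plant and unc."""
    k = spec & plant  # assumption: the specification is restricted to the plant
    while True:
        bad = {s for s in k for u in unc
               if s + (u,) in plant and s + (u,) not in k}
        if not bad:
            return k
        # drop each violating word together with all of its extensions
        k = {w for w in k if not any(w[:len(b)] == b for b in bad)}

# Data of the example (alphabets E1, E2 are assumptions, see lead-in).
E1, E2 = {"a1", "c", "u", "u1"}, {"a2", "c", "u", "u2"}
EK, EU = {"a1", "a2", "c", "u"}, {"u", "u1", "u2"}
L1, L2 = lang("c u1", "a1 u"), lang("c u2", "a2 u")
K = lang("a2 a1", "a1 a2 u", "c u1 u2", "c u2 u1")

def conditionally_decomposable(k, ek):
    """Check K = P_{1+k}(K) || P_{2+k}(K) || P_k(K) for coordinator alphabet ek."""
    e1k, e2k = E1 | ek, E2 | ek
    both = sync(project(k, e1k), e1k, project(k, e2k), e2k)
    return sync(both, e1k | e2k, project(k, ek), ek) == k

def coordinator_language():
    """L_k as the product of the plants projected to the coordinator events."""
    return sync(project(L1, EK), E1 & EK, project(L2, EK), E2 & EK)

def coordinated():
    """The three local computations and their synchronous product."""
    e1k, e2k = E1 | EK, E2 | EK
    sk = sup_c(project(K, EK), coordinator_language(), EU & EK)
    s1 = sup_c(project(K, e1k), sync(L1, E1, sk, EK), EU & e1k)
    s2 = sup_c(project(K, e2k), sync(L2, E2, sk, EK), EU & e2k)
    return sk, s1, s2, sync(sync(s1, e1k, s2, e2k), e1k | e2k, sk, EK)

def monolithic():
    """Supremal controllable sublanguage of K w.r.t. the global plant."""
    return sup_c(K, sync(L1, E1, L2, E2), EU)

if __name__ == "__main__":
    result = coordinated()[3]
    print(sorted(" ".join(w) for w in result))
    print("equals monolithic result:", result == monolithic())
```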
6 Conclusion

We have considered supervisory control of modular discrete-event systems with 
global specification languages. A coordination control framework has been 
adopted where, unlike the purely decentralized setting, a global layer with a 
coordinator acting on a subset of the global event set has been added. Based on 
this framework, two main results have been presented. First, a necessary and 
sufficient condition on a specification language to be exactly achieved in the 
coordination control architecture, called conditional controllability, has been 
proposed. Then, it has been shown how the supremal conditionally controllable 
sublanguage can be synthesized. Finally, the relationship between supremal 
conditionally controllable sublanguages and supremal controllable sublanguage 
has been investigated. 

In this paper, we have only been interested in the optimality of the control 
scheme, but blocking that is inherent to modular and, more generally, to our 
coordinated control synthesis has not been considered. It is then sufficient 
to choose a suitable coordinator event set and the coordinator itself need not 
impose any restriction on the behavior because its supervisor can take care of 
a required restriction of the plant projected to the coordinator events. In a 
future work, however, it is our plan to address the blocking issue by considering 
a suitable coordinator and combine it with the three supervisors so that both 
blocking and maximal permissivity are handled at the same time within the 
coordination scheme. 

Thus, more work on coordination control dealing with global specification 
languages is needed. In particular, the synthesis of coordinators for nonblock- 
ingness is to be developed and the approach should be extended to partially 
observed modular plants. 